1. Field of the Invention
The present invention relates to policy administration for a network of computers. In particular, the present invention provides a method and system for administering pre-set policies to one or more client computers having access to a public network or e-mail by, among other things, sending packages of information between a policy orchestrating server and the client computers over the public network or e-mail with the aid of a secure communication pipe. The client computers that are to be maintained may also be part of one or more distinct wide area networks, or they may be stand-alone computers.
2. Description of the Related Art
Wide area computer networks are often maintained by a system administrator. One of the system administrator's functions is to set policy for and to maintain software on the computers comprising the network. Typically, the system administrator decides, among other things, which software products are to be installed on the client computers and how that software is to be configured. In most wide area networks, the system administrator can communicate with each computer on the network in a secure manner because the computers are connected together with a private communication link. Messages, files, and data can be sent over the private communication link from one or more central servers to each computer on the network, and the computers on the network can use the private communication link to send messages, files, and data to one or more central servers.
Most wide area networks are also set up so that the system administrator can use a central server to configure software on the other computers in the network. The system administrator can issue and control policy for the wide area network and can update and configure software on any or all computers within the network. One typical and routine practice of a computer network system administrator is to periodically update virus scanning software on the computers in the administrator's network.
One of the problems faced by large organizations with multiple locations is that each location often maintains a separate wide area network. Thus, it is difficult for one administrator to set policy for, configure, and maintain every workstation under the organization's control. Moreover, it is of utmost importance that a high level of trust exist between a system administrator and the client computers to be administered. A person or entity successfully impersonating a system administrator can devastate an organization. In order to maintain the high level of security needed, some large organizations maintain dedicated and secure lines between multiple locations so that the system administrator can control all workstations owned or controlled by the organization. Nevertheless, even when dedicated lines are established, there are inevitably a few workstations within an organization, such as laptop computers, that are not connected to the administrator's central server in a secure manner and therefore are not properly maintained and managed. Moreover, the cost of maintaining dedicated lines to small offices where there are few workstations can be prohibitive.
On the other hand, most organizations, even small ones, have computers and networks that are configured to allow users to browse the World Wide Web portion of the Internet. And most mobile users have access to e-mail. Thus, it would be advantageous to use the Internet or e-mail as a means for configuring, setting policy for, and maintaining workstations owned and controlled by an organization. One major drawback, however, is that heretofore there has been no secure way to perform system administration tasks over public networks, such as the Internet, or e-mail systems. Therefore, a secure system and method that allows a system administrator to use the Internet or e-mail to set the policy for all computers owned or controlled by a given organization, regardless of whether all the computers are on the same wide area network, would provide a tremendous benefit in terms of cost and ease of administration.
It is thus an object of the present invention to allow a system administrator to set policy for and to administer software on a plurality of client computers that have access to e-mail or a public network, such as the Internet.
It is also an object of the present invention to allow a system administrator to manage one or more client computers having access to a public network, such as the Internet, or e-mail, regardless of how many diverse wide area networks the client computers may be part of.
Because most wide area networks employ firewalls and other security measures, it would be advantageous to have a system and method that would allow a system administrator to access, and to send information to and from, workstations that are part of secure networks. Thus, it is a further object of the present invention to provide a secure means for sending packages of information to and from a plurality of computers, which may reside on different wide area networks, regardless of the security protocols established by the individual wide area networks on which the computers reside.
The present invention provides a system and method for using a public network, such as the Internet, or e-mail systems to set policy for and to manage software on a plurality of client computers by sending packages of information between a Policy Orchestrator ("PO") Server, which is under the control of a system administrator, and one or more of the client computers that contain software known as Policy Orchestrating Agents ("PO Agents"). The PO Server and the PO Agents communicate with each other over a public network, or e-mail, with the aid of a secure communication path known as an SPIPE. The SPIPE allows packages of information to be sent, in a secure manner, between the PO Server and the PO Agents residing on various client computers that are connected to a public network, such as the Internet, or have access to e-mail systems.
In the preferred embodiment the PO Server resides on an HTTP server that preferably contains a software repository for storing software to be installed on the client computers. The PO Server may contain or be interfaced with a Lightweight Directory Access Protocol ("LDAP") database. The LDAP database is used to store policies set by an administrator for the various client computers containing PO Agents. The policies for each client may be stored in separate files in the LDAP database. Preferably, each PO Agent is assigned a unique identifier and has a public/private encryption key pair. The public key for each PO Agent is provided to the PO Server. This gives the PO Agents the ability to digitally sign packages of information that they generate before sending the packages to the PO Server. Because the PO Server has each PO Agent's public key, it can verify that a package came from an authorized PO Agent and has not been altered en route to the PO Server. Likewise, the PO Server has a public/private encryption key pair and its public key is distributed to each PO Agent. Thus, the PO Server can also digitally sign packages of information before they are transmitted to a PO Agent, and the receiving PO Agent can confirm that a package came from an authorized and trusted PO Server and has not been altered en route.
As part of a preferred protocol, each PO Agent periodically checks in with the PO Server. During this routine check-in procedure, the PO Agent sends to the PO Server a package containing, among other things, the current configuration of the client computer on which the PO Agent resides. Preferably, the package contains a header identifying the PO Agent that sent it, data or other information, which may be in the form of files, and a digital signature that was generated using the PO Agent's private key.
In general, the packages are capable of containing various types of data, including, but not limited to, policies set by a system administrator, such as configuration values for software residing on clients, information for virus scanning software (such as the types of files to scan, the drives to scan, specific DAT files, etc.), configuration information for other software (such as, for example, default settings for software-specific parameters), and any other information needed to manage and maintain software used by client computers. Packages may also contain, for example, software applications for client computers, software updates, music files, video files, certificate authority data, and encryption keys. Regardless of the data in the package, the package may be sent to the PO Server (or to a PO Agent) in a secure manner over a public network or e-mail with the aid of an SPIPE.
In one embodiment, the communication method employed by the SPIPE uses the Hypertext Transfer Protocol ("HTTP"). One advantage of using HTTP is that most wide area networks support communication with HTTP. More importantly, wide area networks that employ firewalls and other security measures usually allow computers on the wide area network to browse the Internet. Thus, the present invention allows the PO Server to administer a plurality of computers on a plurality of different individual wide area networks, regardless of the security measures employed by the wide area networks. In an alternative embodiment, the present invention could employ an SPIPE that uses SMTP, MAPI or WAP. The SPIPE would thus establish communications between the PO Server and the PO Agents using e-mail and wireless protocols. This would advantageously allow a central administrator to administer mobile clients having installed PO Agents, such as laptops and Personal Digital Assistants ("PDAs"), where the mobile clients have e-mail access or access to wireless Internet service providers.
In a preferred embodiment, the present invention operates according to the following procedure: A PO Agent residing on a client computer periodically sends a package to a PO Server. The package contains a header identifying the sending PO Agent, the current configuration of the client computer, and a digital signature that is generated by the sending PO Agent. Upon receiving the package, the PO Server uses the public key for the sending PO Agent to verify the signature for the package. If the signature cannot be verified, the package is ignored. However, if the signature verifies, the PO Server examines the package containing the current configuration of the client and checks a database to determine if any pre-set policy has been established for the particular PO Agent that has checked in. If there is a policy for that PO Agent, the PO Agent gets from the PO Server a package containing the policy. Before the package is transmitted over the SPIPE, a header containing an identifier for that PO Agent is appended to the package. The package is then signed with the PO Server's private key, and the signature is appended to the package; because the header is appended before signing, the signature covers it. Thus, the PO Agent can, upon receipt of the package, use the PO Server's public key to verify that it came from the PO Server and that it has not been altered by an unauthorized entity en route.
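The check-in exchange described above, as an added example written for this page and not code from the patent or from any product implementing it. It uses Go's standard-library Ed25519 signatures standing in for the unspecified public/private key scheme; the agent identifier, the sample configuration and policy strings, the in-memory maps standing in for the LDAP policy database, and all type and function names are assumptions. The SPIPE transport (HTTP or e-mail) is out of scope; the example shows only what each side signs and what each side checks before acting on a package.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Package follows the page's layout: a header naming the PO Agent the package
// concerns (the sender on check-in, the recipient on the reply), a payload
// (client configuration or policy), and a signature over header and payload.
type Package struct {
	AgentID   string
	Payload   []byte
	Signature []byte
}

// signingInput is the byte string the signature covers. Length-prefixing the
// header means bytes cannot be shifted between header and payload unnoticed.
func signingInput(agentID string, payload []byte) []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, uint32(len(agentID)))
	buf.WriteString(agentID)
	buf.Write(payload) // last field, so no length prefix needed
	return buf.Bytes()
}

func signPackage(agentID string, payload []byte, priv ed25519.PrivateKey) Package {
	sig := ed25519.Sign(priv, signingInput(agentID, payload))
	return Package{AgentID: agentID, Payload: payload, Signature: sig}
}

func verifyPackage(p Package, pub ed25519.PublicKey) bool {
	return ed25519.Verify(pub, signingInput(p.AgentID, p.Payload), p.Signature)
}

var ErrBadSignature = errors.New("signature did not verify: package ignored")
var ErrNoPolicy = errors.New("no policy set for this agent")

// POServer keeps each enrolled agent's public key and a per-agent policy map
// (an assumption standing in for the page's LDAP database).
type POServer struct {
	priv      ed25519.PrivateKey
	agentKeys map[string]ed25519.PublicKey
	policies  map[string][]byte
}

// HandleCheckIn: verify with the key on file, look up the policy, sign the reply.
func (s *POServer) HandleCheckIn(in Package) (Package, error) {
	pub, enrolled := s.agentKeys[in.AgentID]
	if !enrolled || !verifyPackage(in, pub) {
		return Package{}, ErrBadSignature
	}
	policy, ok := s.policies[in.AgentID]
	if !ok {
		return Package{}, ErrNoPolicy
	}
	return signPackage(in.AgentID, policy, s.priv), nil
}

// POAgent holds its own key pair, the server's public key and its current config.
type POAgent struct {
	id        string
	priv      ed25519.PrivateKey
	serverPub ed25519.PublicKey
	config    []byte
}

func (a *POAgent) CheckIn() Package { return signPackage(a.id, a.config, a.priv) }

// AcceptPolicy applies a reply only if addressed to this agent and signed by the server.
func (a *POAgent) AcceptPolicy(p Package) ([]byte, error) {
	if p.AgentID != a.id || !verifyPackage(p, a.serverPub) {
		return nil, ErrBadSignature
	}
	return p.Payload, nil
}

// NewPair enrolls one agent with one server; keys, config and policy are constructed.
func NewPair(agentID string, policy []byte) (*POServer, *POAgent) {
	sPub, sPriv, _ := ed25519.GenerateKey(rand.Reader)
	aPub, aPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv := &POServer{priv: sPriv,
		agentKeys: map[string]ed25519.PublicKey{agentID: aPub},
		policies:  map[string][]byte{agentID: policy}}
	ag := &POAgent{id: agentID, priv: aPriv, serverPub: sPub, config: []byte("vscan=4.0.2;dat=4100")}
	return srv, ag
}

// RunExchange performs one check-in and returns the policy the agent accepted.
func RunExchange(srv *POServer, ag *POAgent) ([]byte, error) {
	reply, err := srv.HandleCheckIn(ag.CheckIn())
	if err != nil {
		return nil, err
	}
	return ag.AcceptPolicy(reply)
}
```

The signature covers the header as well as the payload, so the server ties each check-in to the enrolled key of the agent named in it, and the agent discards a reply addressed to another agent even if the server's signature on it is genuine. One caveat a deployment would have to address: nothing in the procedure as described gives a package freshness, so a correctly signed policy package captured once would still verify later; the example follows the page and adds no timestamp or nonce.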
In addition to policy, software or other relevant files for a particular client may be placed in a package and transmitted from the PO Server to the PO Agent. The package containing the software or other relevant files will be digitally signed in the same manner described above.
In the embodiment described above, the PO Agent did not receive a new policy for its client until it checked in with the PO Server. In some situations, however, it may be advantageous for the PO Server to prompt the PO Agent to check in with the PO Server before its regularly scheduled check-in. Thus, it may be desirable to configure the PO Server to send a message to PO Agents prompting them to check in and get a package. To accomplish this earlier-than-scheduled check-in, the PO Server preferably uses a pinging process.
In the embodiments described above, the packages are digitally signed but not encrypted; the signature lets the recipient verify who sent a package and that it was not altered, but it does not hide the package contents from anyone who can observe the public network or e-mail system. While it is possible to encrypt the packages, encryption policies and laws in various countries must be taken into consideration. One preferred alternative to encryption is to scramble the data in the packages before they are sent. Scrambling that depends only on a fixed transformation rather than a secret key conceals the data from casual observation but not from a party who knows the transformation.